<div dir="ltr">Yeah, I just did another database, our collaboration application, this one had almost 15000 records, now I am not sure if when Midpoint also has a lot of accounts, my testing environment only has about 20 users. Took about 9 minutes, I am pretty sure it is a full recon, I am clicking new task, selecting the resource and then running it,<div><br></div><div><table class=""><tbody><tr><td>Task run last started</td>
                            <td>Monday, 8. Dec 2014 14:53:57</td>
                        </tr>
                        <tr>
                            <td>Task run last finished</td>
                            <td>Monday, 8. Dec 2014 15:02:58</td></tr></tbody></table><br></div><div><table class="" id="table28d3" style="padding-top:0px"><tbody><tr id="id528d9"><td><div>1000000000000042505</div>
                </td><td>
                        <div>com.evolveum.midpoint.common.operation.reconciliation.ResourceReconciliation</div>
                </td><td>
                        <div>SUCCESS</div>
                </td><td>
                        <div>Processed 14283 account(s), got 0 error(s)</div></td></tr></tbody></table></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Dec 8, 2014 at 2:55 PM, Pavol Mederly <span dir="ltr"><<a href="mailto:mederly@evolveum.com" target="_blank">mederly@evolveum.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>Jason,<br>
      <br>
      are you sure it was really a full recon? :-) E.g. wasn't that a
      dry run in your case?<br>
      <br>
      In my case, I have a testing OpenDJ LDAP server, a local
      PostgreSQL database, and a full recon takes approximately 80
      milliseconds per user:<br>
      <br>
      Finished resource part of object:...(Localhost OpenDJ)
      reconciliation: Processed 1004 account(s), got 0 error(s) Average
      time for one object: 66.80677 ms (<b>wall clock time average:
        77.61056 ms</b>).<br>
      <br>
      Yours 27 minutes = 40,5 milliseconds per user seems to be quite
      impressive :)<br>
      <br>
      Best regards,<br>
      Pavol<br>
      <br>
    </div><div><div class="h5">
    <blockquote type="cite">
      <div dir="ltr">I did a reconcile already from that last time I
        figured out how to do it from one of the previous discussions. I
        just didn't know if it were a standard to do a daily recon on a
        resource.
        <div><br>
        </div>
        <div>It took 27 minutes to do a full Recon, I only have 6
          attributes which 3 are outbound and 3 is both in/out. Name,
          Last, Phone, Email, Department, Profile (extension). This is a
          VMware VM on my workstation also, so surprisingly fast because
          the virtual disk is on the same disk as 10 other running VMs.</div>
        <div><br>
        </div>
        <div>I have almost 6 different resources now, various types, 2
          of which are this type where the resource already has the
          accounts.</div>
        <div><br>
        </div>
        <div>I also upgraded to 3.1 Snapshot, just so I am creating all
          the objects on the latest version.</div>
        <div><br>
        </div>
        <div> </div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Mon, Dec 8, 2014 at 1:27 PM, Ivan
          Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"> Hi Jason,<br>
              <br>
              40.000 accounts is not an issue itself. Just be adwised
              that performance strongly depends not only the number of
              users, but also on configuration of mappings, logging,
              tracing etc. In other words, linking the account is one
              thing, provisioning changes during the recon takes more
              time.<br>
              <br>
              Anyway we appreciate any information about the performance
              in your case when it's finished.<br>
              <br>
              And don't forget to run the dry-run recon first to be sure
              about your correlation rules.<br>
              <br>
              Thanks,<br>
              Ivan
              <div>
                <div><br>
                  <br>
                  <div>On 12/08/2014 06:45 PM, Jason Everling wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">Ok thanks, that is what I figured so
                      I just wanted to make sure that was the case. I am
                      going to remove that configuration, it should
                      never create anyways, users will always be listed
                      on that resource first way before midpoint would
                      ever even create the midpoint user account.
                      <div><br>
                      </div>
                      <div>I could also just leave that and run
                        Reconcile on the resource nightly, it has 40,000
                        objects, that should not be an issue right?<br>
                        <div><br>
                        </div>
                        <div>JASON</div>
                      </div>
                    </div>
                    <div class="gmail_extra"><br>
                      <div class="gmail_quote">On Mon, Dec 8, 2014 at
                        11:42 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
                        wrote:<br>
                        <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                          <div bgcolor="#FFFFFF" text="#000000"> Hi
                            Jason,<br>
                            <br>
                            as the error states, and based on what
                            you've written earlier about disabling
                            creates, it's because the create capability
                            is disabled (deliberately). midPoint tries
                            to create (add) account and the decision
                            that it should be converted to an update
                            comes just after the collision is detected.<span><font color="#888888"><br>
                                <br>
                                I.</font></span>
                            <div>
                              <div><br>
                                <br>
                                <div>On 12/08/2014 06:26 PM, Jason
                                  Everling wrote:<br>
                                </div>
                                <blockquote type="cite">
                                  <div dir="ltr">I figured that this was
                                    the case and I read on the wiki..
                                    <div><br>
                                      <div>"<span style="font-size:13px">Technically,

                                          when midPoint user is assigned
                                          a role that should provision
                                          account on target system and
                                          the account already exists (=
                                          can be correlated), it will be
                                          updated. But the decision is
                                          made upon the provisioning
                                          request."</span></div>
                                    </div>
                                    <div><span style="font-size:13px"><br>
                                      </span></div>
                                    <div><span style="font-size:13px">But
                                        it does not work, it errors out.
                                        Maybe because my resource has
                                        create and delete disabled?
                                        Midpoint will never create or
                                        delete accounts in this
                                        resource.</span></div>
                                    <div><br>
                                    </div>
                                    <div>
                                      <div><span style="white-space:pre-wrap">
                                        </span><cap:create></div>
                                      <div>                   
                                        <cap:enabled>false</cap:enabled></div>
                                      <div>               
                                        </cap:create></div>
                                      <div>               
                                        <cap:delete></div>
                                      <div><span style="white-space:pre-wrap">
                                        </span><cap:enabled>false</cap:enabled></div>
                                      <div>               
                                        </cap:delete></div>
                                    </div>
                                    <div><br>
                                    </div>
                                    <div>Starting error,</div>
                                    <div><br>
                                    </div>
                                    <div>com.evolveum.midpoint.util.exception.SystemException:


                                      com.evolveum.midpoint.util.exception.SystemException:


                                      java.lang.UnsupportedOperationException:

                                      Resource does not support 'create'
                                      operation<br>
                                    </div>
                                    <div><br>
                                    </div>
                                    <div>This is when I have a role that
                                      has an inducement for this
                                      resource which I would have
                                      thought would just link since it
                                      already exists, the correlation is
                                      employeeNumber like all of my
                                      other resources.</div>
                                    <div><br>
                                    </div>
                                    <div>JASON</div>
                                  </div>
                                  <div class="gmail_extra"><br>
                                    <div class="gmail_quote">On Mon, Dec
                                      8, 2014 at 10:52 AM, Ivan Noris <span dir="ltr"><<a href="mailto:ivan.noris@evolveum.com" target="_blank">ivan.noris@evolveum.com</a>></span>
                                      wrote:<br>
                                      <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
                                        <div bgcolor="#FFFFFF" text="#000000"> Hi Jason,<br>
                                          <br>
                                          in general, the deployment is
                                          as follows:<br>
                                          <br>
                                          1. import/reconcile from
                                          source system(s) to create
                                          identities (users) in
                                          midPoint. This may also create
                                          additional accounts in other
                                          systems (i.e. that were not
                                          provisioned before).<br>
                                          2. create reconciliation tasks
                                          for all other systems, where
                                          the accounts already exists
                                          and should be linked to
                                          midpoint identities.<br>
                                          <br>
                                          Based on the mappings in your
                                          resources, the reconciliations
                                          may modify the data on the
                                          reconciled resources (outbound
                                          mappings).<br>
                                          <br>
                                          Technically, when midPoint
                                          user is assigned a role that
                                          should provision account on
                                          target system and the account
                                          already exists (= can be
                                          correlated), it will be
                                          updated. But the decision is
                                          made upon the provisioning
                                          request.<br>
                                          <br>
                                          So I'd recommend to setup the
                                          reconciliation tasks, and
                                          start them first with the
                                          "dry-run" flag to see how many
                                          accounts can be correlated to
                                          midPoint users.<br>
                                          <br>
                                          Regards,<br>
                                          Ivan
                                          <div>
                                            <div><br>
                                              <br>
                                              <div>On 12/08/2014 04:51
                                                PM, Jason Everling
                                                wrote:<br>
                                              </div>
                                            </div>
                                          </div>
                                          <blockquote type="cite">
                                            <div>
                                              <div>
                                                <div dir="ltr">So here
                                                  is the scenario,
                                                  <div><br>
                                                  </div>
                                                  <div>There is a
                                                    DBTable resource
                                                    that already has all
                                                    the accounts,
                                                    midpoint will not
                                                    create or delete
                                                    from this resource.</div>
                                                  <div><br>
                                                  </div>
                                                  <div>The user does not
                                                    exist yet in
                                                    Midpoint, The users
                                                    are created in
                                                    midpoint using
                                                    another DBTable
                                                    resource.</div>
                                                  <div><br>
                                                  </div>
                                                  <div>How can I link
                                                    the newly created
                                                    user in Midpoint to
                                                    their account in the
                                                    other resource,</div>
                                                  <div><br>
                                                  </div>
                                                  <div>I can do this by
                                                    running a reconcile
                                                    task on the resource
                                                    but is there any
                                                    other way to link
                                                    users to accounts on
                                                    other resources
                                                    since they already
                                                    exist without having
                                                    to run reconcile on
                                                    the resource
                                                    everytime?</div>
                                                  <div><br>
                                                  </div>
                                                  <div>Thanks,</div>
                                                  <div>JASON</div>
                                                </div>
                                                <br>
                                              </div>
                                            </div>
                                            <font><br>
                                              <br>
                                              CONFIDENTIALITY NOTICE:<br>
                                              This e-mail together with
                                              any attachments is
                                              proprietary and
                                              confidential; intended for
                                              only the recipient(s)
                                              named above and may
                                              contain information that
                                              is privileged. You should
                                              not retain, copy or use
                                              this e-mail or any
                                              attachments for any
                                              purpose, or disclose all
                                              or any part of the
                                              contents to any person.
                                              Any views or opinions
                                              expressed in this e-mail
                                              are those of the author
                                              and do not represent those
                                              of the Baptist School of
                                              Health Professions. If you
                                              have received this e-mail
                                              in error, or are not the
                                              named recipient(s), you
                                              are hereby notified that
                                              any review, dissemination,
                                              distribution or copying of
                                              this communication is
                                              prohibited by the sender
                                              and to do so might
                                              constitute a violation of
                                              the Electronic
                                              Communications Privacy
                                              Act, 18 U.S.C. section
                                              2510-2521. Please
                                              immediately notify the
                                              sender and delete this
                                              e-mail and any attachments
                                              from your computer. </font><br>
                                            <br>
                                            <fieldset></fieldset>
                                            <br>
                                            <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><span><font color="#888888">
</font></span></pre>
                                            <span><font color="#888888">
                                              </font></span></blockquote>
                                          <span><font color="#888888"> <br>
                                              <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  <a href="http://evolveum.com" target="_blank">evolveum.com</a>     <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  _____________________________________________
  "Semper Id(e)M Vix."
</pre>
                                            </font></span></div>
                                        <br>
_______________________________________________<br>
                                        midPoint mailing list<br>
                                        <a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
                                        <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                                        <br>
                                      </blockquote>
                                    </div>
                                    <br>
                                  </div>
                                  <br>
                                  <font><br>
                                    <br>
                                    CONFIDENTIALITY NOTICE:<br>
                                    This e-mail together with any
                                    attachments is proprietary and
                                    confidential; intended for only the
                                    recipient(s) named above and may
                                    contain information that is
                                    privileged. You should not retain,
                                    copy or use this e-mail or any
                                    attachments for any purpose, or
                                    disclose all or any part of the
                                    contents to any person. Any views or
                                    opinions expressed in this e-mail
                                    are those of the author and do not
                                    represent those of the Baptist
                                    School of Health Professions. If you
                                    have received this e-mail in error,
                                    or are not the named recipient(s),
                                    you are hereby notified that any
                                    review, dissemination, distribution
                                    or copying of this communication is
                                    prohibited by the sender and to do
                                    so might constitute a violation of
                                    the Electronic Communications
                                    Privacy Act, 18 U.S.C. section
                                    2510-2521. Please immediately notify
                                    the sender and delete this e-mail
                                    and any attachments from your
                                    computer. </font><br>
                                  <br>
                                  <fieldset></fieldset>
                                  <br>
                                  <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                                </blockquote>
                                <br>
                                <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  <a href="http://evolveum.com" target="_blank">evolveum.com</a>     <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  _____________________________________________
  "Semper Id(e)M Vix."
</pre>
                              </div>
                            </div>
                          </div>
                          <br>
_______________________________________________<br>
                          midPoint mailing list<br>
                          <a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
                          <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
                          <br>
                        </blockquote>
                      </div>
                      <br>
                    </div>
                    <br>
                    <font><br>
                      <br>
                      CONFIDENTIALITY NOTICE:<br>
                      This e-mail together with any attachments is
                      proprietary and confidential; intended for only
                      the recipient(s) named above and may contain
                      information that is privileged. You should not
                      retain, copy or use this e-mail or any attachments
                      for any purpose, or disclose all or any part of
                      the contents to any person. Any views or opinions
                      expressed in this e-mail are those of the author
                      and do not represent those of the Baptist School
                      of Health Professions. If you have received this
                      e-mail in error, or are not the named
                      recipient(s), you are hereby notified that any
                      review, dissemination, distribution or copying of
                      this communication is prohibited by the sender and
                      to do so might constitute a violation of the
                      Electronic Communications Privacy Act, 18 U.S.C.
                      section 2510-2521. Please immediately notify the
                      sender and delete this e-mail and any attachments
                      from your computer. </font><br>
                    <br>
                    <fieldset></fieldset>
                    <br>
                    <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
                  </blockquote>
                  <br>
                  <pre cols="72">-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  <a href="http://evolveum.com" target="_blank">evolveum.com</a>     <a href="http://evolveum.com/blog/" target="_blank">evolveum.com/blog/</a>
  _____________________________________________
  "Semper Id(e)M Vix."
</pre>
                </div>
              </div>
            </div>
            <br>
            _______________________________________________<br>
            midPoint mailing list<br>
            <a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a><br>
            <a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
            <br>
          </blockquote>
        </div>
        <br>
      </div>
      <br>
      <font><br>
        <br>
        CONFIDENTIALITY NOTICE:<br>
        This e-mail together with any attachments is proprietary and
        confidential; intended for only the recipient(s) named above and
        may contain information that is privileged. You should not
        retain, copy or use this e-mail or any attachments for any
        purpose, or disclose all or any part of the contents to any
        person. Any views or opinions expressed in this e-mail are those
        of the author and do not represent those of the Baptist School
        of Health Professions. If you have received this e-mail in
        error, or are not the named recipient(s), you are hereby
        notified that any review, dissemination, distribution or copying
        of this communication is prohibited by the sender and to do so
        might constitute a violation of the Electronic Communications
        Privacy Act, 18 U.S.C. section 2510-2521. Please immediately
        notify the sender and delete this e-mail and any attachments
        from your computer. </font><br>
      <br>
      <fieldset></fieldset>
      <br>
      <pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
    </blockquote>
    <br>
  </div></div></div>

<br>_______________________________________________<br>
midPoint mailing list<br>
<a href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a><br>
<a href="http://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">http://lists.evolveum.com/mailman/listinfo/midpoint</a><br>
<br></blockquote></div><br></div>

<br>
<font size="2"><br><br>CONFIDENTIALITY NOTICE:<br>This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. </font><br>